HealthBlawg

David Harlow's Health Care Law Blog


Massive data breach. Time for sports analogies?

August 22, 2014

In reading an account of the recent attack on Community Health Systems that netted the bad guys 4.5 million patient records and earned CHS a prominent spot on the Wall of Shame, I was struck by the notion put across in the article that all we have to do is work harder to patch vulnerabilities, that with a better defense we can win the game against a skilled quarterback.

I think that we have to come to terms with the notion that privacy is a thing of the past, and that it is not a question of if, but a question of when, any particular system may be hacked. As in the case of the Heartbleed exploit, a back door may be propped open for years before anyone notices, and some exploits may leave no fingerprints.

Speaking of Heartbleed, it now appears that CHS may not have done a thorough job of applying the relevant patches. See: "FBI warns healthcare firms they are targeted by hackers" (Reuters). (The original FBI warning is linked to in the Heartbleed post linked to above.)

What is to be done?

  1. We need to stop using the social security number in medical records and insurance records because, linked with other medical record data, it enables identity theft.
  2. We need to do a better job with authentication of users of systems, so that it becomes harder to use stolen identities to set up new accounts or exploit existing ones.
  3. We need to do a better job of enforcing anti-discrimination laws, because then the release of certain private information will no longer be so devastating.
  4. We need to be honest with ourselves about the limits of privacy and security in the connected world we've built, because otherwise we will all continue to live with unrealistic expectations.
  5. We need to have better systems in place to deal with breaches when — not if — they happen, because we aren't likely to accomplish the first four jobs on this list anytime soon.

What do you think?

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Health care policy, Health Law, HIPAA, Privacy, Security

Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.